A computer virus discovered by the state's Executive Office of Labor and Workforce Development April 20 may have allowed data thieves to steal confidential information, such as names, addresses and Social Security numbers, The Boston Globe reported Wednesday.
The virus, known as Qakbot, did not infect the labor department's hard drives, so it could have only stolen information entered into the labor department's computers from April 19 through last Friday, officials said.
Workers noticed on April 20 that their computers were running slowly, but the virus was not detected or removed from the computers by the Symantec security system the department was using, as it was a new variation of the virus, a state official said. It also took time to detect and correct the problem, because hard drives were not affected, the Globe reported.
The breach was reported Tuesday, leading many to ask why it took so long for the state to divulge the problem.
A state law requires businesses to reveal a data breach "as soon as practicable and without unreasonable delay," the newspaper said.
"If these criminals already have your Social Security number, and they're running around out there doing fraud, you didn't even have a chance to put a freeze on your credit report," said Chester Wisniewski, a network security analyst at Sophos Corp.
John Glennon, chief information officer for the Massachusetts Executive Office of Labor and Workforce Development, said it was unclear what data, if any, had been taken.
"We don't know what may have been compromised," he said.
Glennon said the labor department's computers were protected by Symantec's latest anti-virus software, but were hit by a new variant of Qakbot that wasn't detected by the program.
Agency workers began to complain that their computers were running sluggishly -- a common indication that machines have been infected with a virus -- and network managers tried in vain to clean the infected machines. They eventually discovered that the virus was capturing information being typed on the keyboards of infected computers. In a sense, that was good news, according to Glennon, because it meant the virus did not copy files stored on the infected computers' hard drives.